BoringSecurity

I went from fintech management to an analyst role at 32 and havent regretted it a day. And it only took me a couple years to get back to a management role.

Safety and security go hand in hand. Its the security teams job to consider safety first and foremost. And there are a lot of parallels with what O’Neil did which we can apply to security.

Looking to modernize your security program this year? Here is one approach that will make the whole C-suite appreciate your infsoec team.

We often think of applying CIA to data. But we should apply it to everything in our business. Systems, processes, people, physical.

Similar to Paul O’Neil transformed Alcoa as their CEO. He focused on one thing: Safety. And completely transformed the culture. By reporting, tracking, and remediating all safety incidents he led the company to bounds of operational efficiencies and innovations.

Of course you have your SOC managing events and incidents which should also be reported and follow the same post mortems. Impactful incidents should be prioritized, tracked, and reported to management.

Really drill down the WHY as to how there was an impact to CIA. Find your common and impactful post mortems. You should ask WHY at least 3 times to get to a proper post mortem.

What will this do? This will give your security team enormous amounts of operational data on mishaps and inefficiencies with the business. With proper business impact analysis and system inventory (which many security teams custodian) track these and perform post mortems

Door into building is jammed? Someone couldn’t log onto the VPN? You might have accidentally emailed the wrong customer? Report it all.

Technology does not need to be boring. Security does.